| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-9599 | Tectite Forms <= 1.3 - Cross-Site Request Forgery to Settings Update | russellr | Tectite Forms | Medium | 4.3 | 2026-06-02 07:48:31 | Deep Dive |
| CVE-2026-8885 | DeMomentSomTres Shortcodes <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | marcqueralt | DeMomentSomTres Shortcodes | Medium | 6.4 | 2026-06-02 07:48:31 | Deep Dive |
| CVE-2026-9723 | Google Plus One Bottom <= 0.0.2 - Cross-Site Request Forgery to Plugin Settings Update via Settings Page | ddd2500 | Google Plus One Bottom | Medium | 4.3 | 2026-06-02 07:48:30 | Deep Dive |
| CVE-2026-2425 | hiWeb Migration Simple <= 2.0.0.1 - Reflected Cross-Site Scripting via 'new_domain' Parameter | den-media | hiWeb Migration Simple | Medium | 6.1 | 2026-06-02 07:48:30 | Deep Dive |
| CVE-2026-4080 | Easy Cart <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | zeshanb | Easy Cart | Medium | 6.4 | 2026-06-02 07:48:30 | Deep Dive |
| CVE-2026-1450 | rognone <= 0.6.2 - Reflected Cross-Site Scripting via 'mode' Parameter | federicocarrara | rognone | Medium | 6.1 | 2026-06-02 07:48:29 | Deep Dive |
| CVE-2025-5085 | wp-nano-ad <= 1.31 - Authenticated (Administrator+) Stored Cross-Site Scripting via blogrole_link Parameter | ariyes | WP Nano AD | Medium | 5.5 | 2026-06-02 07:48:29 | Deep Dive |
| CVE-2026-9234 | JTL-Connector for WooCommerce <= 2.4.1 - Missing Authorization to Authenticated (Subscriber+) Settings Modification via Multiple Functions | ntbyk | JTL-Connector for WooCommerce | Medium | 4.3 | 2026-06-02 07:48:28 | Deep Dive |
| CVE-2026-2382 | FPW Category Thumbnails <= 1.9.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'id' Parameter | frankpw | FPW Category Thumbnails | Medium | 6.4 | 2026-06-02 07:48:28 | Deep Dive |
| CVE-2026-4071 | BirdSeed <= 2.2.0 - Cross-Site Request Forgery via BirdSeed Token Change | birdseedapp | BirdSeed | Medium | 4.3 | 2026-06-02 07:48:28 | Deep Dive |
| CVE-2026-4081 | ZeM STL <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | jhdscript | ZeM STL | Medium | 6.4 | 2026-06-02 07:48:27 | Deep Dive |
| CVE-2026-3514 | Authentication Bypass in prefecthq/prefect | prefecthq | prefecthq/prefect | - | - | 2026-06-02 07:28:33 | Deep Dive |
| CVE-2026-1784 | Ose-cluster-ingress-operator: remote code execution through haproxy configuration injection | Red Hat | Red Hat OpenShift Container Platform 4 | High | 8.8 | 2026-06-02 07:22:26 | Deep Dive |
| CVE-2026-8293 | Really Simple Security < 9.5.10.1 - Authentication Bypass via Two-Factor OTP Skip | Unknown | Really Simple Security | - | - | 2026-06-02 06:00:02 | Deep Dive |
| CVE-2026-8206 | Kirki 6.0.0 - 6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password' | themeum | Kirki – Freeform Page Builder, Website Builder & Customizer | Critical | 9.8 | 2026-06-02 03:28:49 | Deep Dive |
| CVE-2026-3198 | Improper Access Control in mlflow/mlflow | mlflow | mlflow/mlflow | - | - | 2026-06-02 02:50:48 | Deep Dive |
| CVE-2026-10583 | nextlevelbuilder GoClaw TTS Configuration Endpoint tts_config.go import server-side request forgery | nextlevelbuilder | GoClaw | Medium | 4.7 | 2026-06-02 02:45:09 | Deep Dive |
| CVE-2026-10581 | DedeCMS download.php base64_decode server-side request forgery | - | DedeCMS | Medium | 6.3 | 2026-06-02 02:30:08 | Deep Dive |
| CVE-2026-10568 | itsourcecode Fees Management System manage_payment.php sql injection | itsourcecode | Fees Management System | Medium | 6.3 | 2026-06-02 02:15:08 | Deep Dive |
| CVE-2026-3871 | Zyxel VMG4005 firmware UPnP buffer overflow leading to DoS | Zyxel | VMG4005-B50B firmware | Medium | 6.5 | 2026-06-02 02:04:17 | Deep Dive |